Wireshark · Ethereal-dev: Re: [Ethereal-dev] Understanding different time representations

Ethereal-dev: Re: [Ethereal-dev] Understanding different time representations

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Guy Harris" <gharris@xxxxxxxxx>

Date: Fri, 4 Jun 2004 12:12:07 -0700 (PDT)

Edward Mazurek said:
> I've written a special trace file formatter that runs against
> both Sniffer(TRSNIFF) and Ethereal(XCP)

You misspelled "Windows Sniffer" :-)

I.e., those files aren't Ethereal files, they're files from the Windows
version of Sniffer (and from its precessor, NetXRay from Cinco Networks).

> type files and I'm
> having a little problem with the time calculations. In some
> of the XCP files it looks like the absolute time calculation
> needs to include dividing by 3.57967377666. In other of the
> XCP files I don't need to do this because the time is already
> in microseconds. Does anyone know what exactly in the header
> I can look for to determine if I need to do that extra divide?

See Ethereal's code for reading those files, in "wiretap/netxray.c" (and
note that it's not one field in the header, the code's a bit more
complicated than that), but be aware that Ethereal's code is not perfect -
there are some files where we still haven't figured out what to use to
determine what the units of the time stamp are.  If you figure it out, let
us know....

Follow-Ups:
- Re: [Ethereal-dev] Understanding different time representations
  - From: Edward Mazurek

References:
- [Ethereal-dev] Understanding different time representations
  - From: Edward Mazurek

Prev by Date: Re: [Ethereal-dev] Incorrect TCP checksums
Next by Date: [Ethereal-dev] Can visual C++.net standard be used to build ethereal?
Previous by thread: [Ethereal-dev] Understanding different time representations
Next by thread: Re: [Ethereal-dev] Understanding different time representations
Index(es):
- Date
- Thread